<?php
	include_once dirname(dirname(dirname(__FILE__))).'/include/db_connect.php';
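	/**
	 * Delete a fixed list of SQL keywords and punctuation from a string.
	 *
	 * The tokens are removed in list order, exactly as str_replace() matches
	 * them (case-sensitively). The pass is repeated until the string stops
	 * changing, so a token that only comes into existence when an earlier
	 * deletion joins its neighbours is removed as well.
	 *
	 * NOTE(review): this is a deny-list, not an escaping routine. Matching is
	 * case-sensitive, double quotes and backslashes are not in the list, and
	 * ordinary text containing these substrings is altered. Values that end up
	 * in SQL still need escaping (or prepared statements) at the query site.
	 *
	 * @param string $str Text to filter.
	 * @return string The text with every listed token removed.
	 */
	function dowith_sql($str)
	{
		// Same tokens, in the same order, as the original replace chain.
		$blocked = array(
			"and", "execute", "update", "count", "chr", "mid", "master",
			"truncate", "char", "declare", "select", "create", "delete",
			"insert", "'", " ", "or", "=", "%20",
		);
		// Each pass can only shorten the string, so the loop terminates.
		do {
			$before = $str;
			$str = str_replace($blocked, "", $str);
		} while ($str !== $before);
		return $str;
	}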
	
	/**
	 * Print a minimal HTML page whose script shows $msg in an alert() box and
	 * then points window.location at $url.
	 *
	 * NOTE(review): $msg and $url are written into JavaScript string literals
	 * inside a <script> element without any encoding. Callers must pass trusted
	 * or already JavaScript-encoded values (for example via json_encode() with
	 * the JSON_HEX_* flags); confirm no request data reaches this function raw.
	 *
	 * @param string $msg Text for the alert box.
	 * @param string $url Address assigned to window.location.
	 * @return void
	 */
	function alertInfo($msg,$url) {
		$page = '<!DOCTYPE html><html><head><script>alert("';
		$page .= $msg;
		// The line break and indentation inside this literal are part of the output.
		$page .= '");
		window.location="';
		$page .= $url;
		$page .= '";</script></head><body></body></html>';
		echo $page;
	}
	
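/**
 * Update columns of the s_user row with the given id.
 *
 * Column names are restricted to plain identifiers and the id is escaped and
 * quoted before it is placed in the WHERE clause.
 *
 * NOTE(review): each value in $params is concatenated into the statement
 * verbatim, so callers must pass SQL-ready values (quoted and escaped with
 * mysql_real_escape_string(), or numeric). The mysql_* API has no prepared
 * statements; moving to mysqli/PDO prepared statements is the durable fix.
 *
 * @param array $params Map of column name => SQL-ready value.
 * @param mixed $id     Raw id of the row to update.
 * @return bool true when the query succeeds, false otherwise.
 */
function  updateSUser($params,$id){
	// An empty assignment list can only produce invalid SQL; fail without a query.
	if (empty($params)) {
		return false;
	}
	$assignments = array();
	foreach ($params as $key => $item) {
		// Identifiers cannot be escaped like values, so accept plain column names only.
		if (!preg_match('/\A[A-Za-z_][A-Za-z0-9_]*\z/', (string)$key)) {
			return false;
		}
		$assignments[] = $key." = ".$item;
	}
	$conn = get_db_conn();
	$sql = "update s_user set ".implode(",", $assignments)
		." where id = '".mysql_real_escape_string($id, $conn)."';";
	if(mysql_query($sql,$conn)) return true;
	else  return  false;
}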
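	/**
	 * Look up an s_user row by username and password.
	 *
	 * Both values are escaped with mysql_real_escape_string() before they are
	 * placed inside the quoted literals of the query. On failure the driver
	 * error is written to the server log instead of the response.
	 *
	 * NOTE(review): escaping relies on the connection character set; confirm
	 * get_db_conn() sets it with mysql_set_charset(). The password is matched
	 * exactly as passed in; whether callers hash it first is not visible here.
	 *
	 * @param string $userName Username to match.
	 * @param string $password Password value to match.
	 * @return resource|false Result of the query (limited to one row), or
	 *                        false when the query fails.
	 */
	function getSUser($userName,$password){
		$conn = get_db_conn();
		$sql = "select * from s_user where username='".mysql_real_escape_string($userName, $conn)
			."' and password='".mysql_real_escape_string($password, $conn)."' limit 0,1;";
		$ret = mysql_query($sql,$conn);
		if (!$ret) {
			// Keep database error text out of the page; record it server-side.
			error_log("getSUser query failed: ".mysql_error($conn));
			$ret = false;
		}
		mysql_close($conn);
		return $ret;
	}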
	
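	/**
	 * Look up an s_user row by id.
	 *
	 * The id is escaped with mysql_real_escape_string() before it is placed
	 * inside the quoted literal of the query. On failure the driver error is
	 * written to the server log instead of the response.
	 *
	 * @param mixed $id Raw id to match.
	 * @return resource|false Result of the query (limited to one row), or
	 *                        false when the query fails.
	 */
	function  getSUserById($id){
		$conn = get_db_conn();
		$sql = "select * from s_user where id='".mysql_real_escape_string($id, $conn)."' limit 0,1;";
		$ret = mysql_query($sql,$conn);
		if (!$ret) {
			// Keep database error text out of the page; record it server-side.
			error_log("getSUserById query failed: ".mysql_error($conn));
			$ret = false;
		}
		mysql_close($conn);
		return $ret;
	}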
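	/**
	 * Fetch the place_apply rows of one user, newest first, left-joined with
	 * place_apply_table for table_content and date.
	 *
	 * The user id is escaped with mysql_real_escape_string() before it is
	 * placed inside the quoted literal of the query. On failure the driver
	 * error is written to the server log instead of the response.
	 *
	 * @param mixed $s_user_id Raw s_user id to match.
	 * @return resource|false Result of the query, or false when it fails.
	 */
	function getPlaceApplyByUserId($s_user_id){
		$conn=get_db_conn();
		$safeUserId = mysql_real_escape_string($s_user_id, $conn);
		$sql='select pa.*,pat.table_content,pat.date
			 from place_apply pa left join place_apply_table
				pat on pa.place_apply_table_id=pat.id
				where pa.s_user_id="'.$safeUserId.'" order by pa.create_time desc;';
		$ret = mysql_query($sql,$conn);
		if (!$ret) {
			// Keep database error text out of the page; record it server-side.
			error_log("getPlaceApplyByUserId query failed: ".mysql_error($conn));
			$ret = false;
		}
		mysql_close($conn);
		return $ret;
	}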
	
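	/**
	 * Report whether a username already exists in s_user.
	 *
	 * The username is escaped with mysql_real_escape_string() before it is
	 * placed inside the quoted literal of the count query. The script is
	 * terminated with die() when the query fails.
	 *
	 * @param string $userName Username to look for.
	 * @return bool true when at least one row matches.
	 */
	function isSUserNameExist($userName){
		$conn = get_db_conn();
		$sql = 'select count(*) as cnt from s_user where username="'
			.mysql_real_escape_string($userName, $conn).'";';
		$result = mysql_query($sql,$conn) or die("数据库查询出错!");
		$ret = mysql_fetch_array($result);
		return $ret['cnt'] > 0;
	}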
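	/**
	 * Report whether a username already exists in the user table.
	 *
	 * The username is escaped with mysql_real_escape_string() before it is
	 * placed inside the quoted literal of the count query. The script is
	 * terminated with die() when the query fails.
	 *
	 * @param string $username Username to look for.
	 * @return bool true when at least one row matches.
	 */
	function isUsernameExist($username) {
		// The connection is opened first because escaping needs the link.
		$conn = get_db_conn();
		$sql = 'select count(*) as cnt from user where username="'
			.mysql_real_escape_string($username, $conn).'";';
		$result = mysql_query($sql,$conn) or die("db error");
		$ret = mysql_fetch_array($result);
		return $ret['cnt'] > 0;
	}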
	
	
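	/**
	 * Insert a row into s_user.
	 *
	 * Column names are restricted to plain identifiers, and an empty $params
	 * is rejected rather than sent as `insert into s_user() values ()`. On
	 * failure the driver error is written to the server log; the statement
	 * itself is no longer echoed, since it can carry credential values.
	 *
	 * NOTE(review): each value in $params is concatenated into the statement
	 * verbatim, so callers must pass SQL-ready values (quoted and escaped with
	 * mysql_real_escape_string(), or numeric). The mysql_* API has no prepared
	 * statements; moving to mysqli/PDO prepared statements is the durable fix.
	 *
	 * @param array $params Map of column name => SQL-ready value.
	 * @return bool true when the insert succeeds, false otherwise.
	 */
	function addSUser($params){
		if (empty($params)) {
			return false;
		}
		$columns = array();
		$values = array();
		foreach ($params as $key => $item) {
			// Identifiers cannot be escaped like values, so accept plain column names only.
			if (!preg_match('/\A[A-Za-z_][A-Za-z0-9_]*\z/', (string)$key)) {
				return false;
			}
			$columns[] = $key;
			$values[] = $item;
		}
		$sql = "insert into s_user(".implode(",", $columns).") values (".implode(",", $values).");";
		$conn = get_db_conn();
		if (mysql_query($sql,$conn)) {
			return true;
		}
		// Keep the statement and database error text out of the page.
		error_log("addSUser insert failed: ".mysql_error($conn));
		return false;
	}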
?>